(S//NF) Ken Thompson's gcc attack (described in his 1984 Turing award acceptance speech) motivates the 
StrawMan work: what can be done of benefit to the US Intelligence Community (IC) if one can make an 
arbitrary modification to a system compiler or Software Development Kit (SDK)? A (whacked) SDK can 
provide a subtle injection vector onto standalone developer networks, or it can modify any binary compiled 
by that SDK. In the past, we have watermarked binaries for attribution, used binaries as an exfiltration 
mechanism, and inserted Trojans into compiled binaries. 

(S//NF) In this talk, we discuss our explorations of the Xcode (4.1) SDK. Xcode is used to compile MacOS X 
applications and kernel extensions as well as iOS applications. We describe how we use (our whacked) 
Xcode to do the following things:
- Entice all MacOS applications to create a remote backdoor on execution
- Modify a dynamic dependency of securityd to load our own library - which rewrites securityd so that no 
  prompt appears when exporting a developer's private key
- Embed the developer's private key in all iOS applications
- Force all iOS applications to send embedded data to a listening post
- Convince all (new) kernel extensions to disable ASLR

(S//NF) We also describe how we modified both the MacOS X updater to install an extra kernel extension (a 
keylogger) and the Xcode installer to include our SDK whacks. 